<?php
include_once(NUKE_BASE_DIR.'header.php');
include_once("modules/".$module_name."/menu.php");
OpenTable();
//get the username of the submited form (see main. php -> <input name=\"sender_name\" type=\"hidden\" value=".$userinfo['username']." /> )
$username = $_POST['sender_name'];
//Get the path where we will be uploading from the database
$path= $config['path'];
//Generate a unique value to append with the filename, why? so we are sure we do not overwright an existing image on the server
$random_digit=rand(0000,9999);
//Generate a unique code which will be used for the user to delete his own images, if we would use id's to do that any member of your site could manipulate the url and delete the images of other members
$uniquecode=rand(000000,999999);
//Get the different files option like the type, name,....
$filetype = $_FILES["file"]["type"];
$filesize = $_FILES["file"]["size"];
$error = $_FILES["file"]["error"];
$filename = $random_digit.$_FILES['file']['name'];
$fileparts = pathinfo($filename);
$filetmp = $_FILES['file']['tmp_name'];
$imageinfo = getimagesize($filetmp);
//Get the maximum size a user can upload from the database
$maxsize = $config['maxsize'];
//append the path with the filename
$url = $path.$filename;
//set the allowed extensions in an array
$allowed = array(
    'gif'=>'image/gif',
    'jpg'=>'image/jpeg',
    'jpeg'=>'image/jpeg',
    'png'=>'image/png');
//get the extension of the file
$key = strtolower($fileparts['extension']);
//check for valid file or mime type
if (!array_key_exists($key, $allowed) || $imageinfo['mime'] != $allowed[$key]) 
{
	//if not valid print message
	echo "<center><img src='modules/".$module_name."/display/block.png' alt='"._CANTUPLOAD."' title='"._CANTUPLOAD."' border='0' /><br />"._UPLOADPROBLEM."<br /></center><br /><br />";
	echo "<div align=\"center\">[<a href=\"modules.php?name=Upload\">"._GOBACK."</a>]</div>";
} 
else
{
	if ($error > 0)
    {
		//if valid but errors occured print message with the known error
		echo _ERROR.": ".$error."<br />";
	}
	else
	{
		//if everything worked well print the name, type,... and move the file to the server and database
	    echo "<center><img src='modules/".$module_name."/display/accept.png' alt='"._SPARKY."' title='"._SPARKY."' border='0' /><br />"._UPLOADSUCCES."<br /></center><br /><br />";
	    move_uploaded_file($filetmp, $url);
		$result = $db->sql_query("SELECT * FROM `". $prefix ."_upload`"); 
		$db->sql_query("INSERT INTO ".$prefix."_upload (username, img, uniquecode) VALUES ('".$username."','".$filename."','".$uniquecode."')",$result) or die(mysql_error());
		echo "<div align=\"center\">[<a href=\"modules.php?name=Upload\">"._UPLOADNEW."</a>] &middot; [<a href=\"modules.php?name=Upload&amp;op=yourimages\">"._CHECKNEW."</a>]</div>";
	}
}
CloseTable();
include_once(NUKE_BASE_DIR.'footer.php');
?>